Default Attribute
self
Policy Description
The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript. This includes not only URLs loaded directly into <script>
elements, but also things like inline script event handlers (onclick) and
XSLT
stylesheets which can trigger script execution.